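// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_CT_VERIFIER_H_
#define NET_CERT_CT_VERIFIER_H_

// Verify() takes std::string parameters, so include <string> here instead of
// relying on every includer to have pulled it in first.
#include <string>

#include "net/base/net_export.h"

namespace net {

namespace ct {
struct CTVerifyResult;
}  // namespace ct

class BoundNetLog;
class X509Certificate;

// Interface for verifying Signed Certificate Timestamps over a certificate.
//
// This is a pure interface: the only operation is Verify(), and the
// destructor is virtual so that an implementation can be destroyed through a
// CTVerifier pointer.
class NET_EXPORT CTVerifier {
 public:
  virtual ~CTVerifier() {}

  // Verifies SCTs embedded in the certificate itself, SCTs embedded in a
  // stapled OCSP response, and SCTs obtained via the
  // signed_certificate_timestamp TLS extension on the given |cert|.
  // A certificate is permitted but not required to use multiple sources for
  // SCTs. It is expected that most certificates will use only one source
  // (embedding, TLS extension or OCSP stapling). If no stapled OCSP response
  // is available, |stapled_ocsp_response| should be an empty string. If no SCT
  // TLS extension was negotiated, |sct_list_from_tls_extension| should be an
  // empty string. |result| will be filled with the SCTs present, divided into
  // categories based on the verification result.
  //
  // Notes for callers and implementers:
  //  - |result| lists the SCTs that were *present*, sorted by outcome. An SCT
  //    appearing in |result| is not by itself evidence that it verified; the
  //    category it was placed in is what carries the verdict.
  //  - NOTE(review): |stapled_ocsp_response| and
  //    |sct_list_from_tls_extension| appear to carry bytes supplied during the
  //    TLS handshake, so implementations should parse them as untrusted input
  //    (length and structure checks before use) -- confirm against callers.
  //  - NOTE(review): the meaning of the int return value is not stated in this
  //    header; presumably a net error code -- confirm, and say whether
  //    |result| is still meaningful when the call reports failure.
  //  - NOTE(review): nullability of |cert| and |result| is not specified, and
  //    the role of |net_log| is undocumented (presumably it receives events
  //    for this verification) -- confirm.
  virtual int Verify(X509Certificate* cert,
                     const std::string& stapled_ocsp_response,
                     const std::string& sct_list_from_tls_extension,
                     ct::CTVerifyResult* result,
                     const BoundNetLog& net_log) = 0;
};

}  // namespace net

#endif  // NET_CERT_CT_VERIFIER_H_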